IPFIX Working Group                                        P. Aitken
Internet-Draft                                         Cisco Systems
Intended status: Standards Track
Expires: July 4, 2015                                    July 4, 2014




          Reporting Equivalent IPFIX Information Elements
                draft-aitken-ipfix-equivalent-ies-02

   Abstract

      This document specifies a method for an
      IPFIX Exporting Process to inform an IPFIX Collecting Process
      of equivalence between different Information Elements, so
      that the Collecting Process can understand the equivalence
      and be enabled to process data across a change of
      Information Elements.


   Status of this Memo

      This Internet-Draft is submitted in full conformance with the
      provisions of BCP 78 and BCP 79.

      Internet-Drafts are working documents of the Internet
      Engineering Task Force (IETF). Note that other groups may
      also distribute working documents as Internet-Drafts. The
      list of current Internet-Drafts is at
      http://datatracker.ietf.org/drafts/current/.

      Internet-Drafts are draft documents valid for a maximum of
      six months and may be updated, replaced, or obsoleted by
      other documents at any time. It is inappropriate to use
      Internet-Drafts as reference material or to cite them other
      than as "work in progress."

      This Internet-Draft will expire on July 1, 2014.




Aitken                    Expires July 2015                 [Page 1]


Internet-Draft    Reporting Equivalent IPFIX IEs         July 2014

  Copyright Notice

       Copyright (c) 2014 IETF Trust and the persons identified as
       the document authors. All rights reserved.

       This document is subject to BCP 78 and the IETF Trust's Legal
       Provisions Relating to IETF Documents
       (http://trustee.ietf.org/license-info) in effect on the date
       of publication of this document. Please review these
       documents carefully, as they describe your rights and
       restrictions with respect to this document. Code Components
       extracted from this document must include Simplified BSD
       License text as described in Section 4.e of the Trust Legal
       Provisions and are provided without warranty as described in
       the Simplified BSD License.


Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
   NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described
   in RFC 2119 [RFC2119].




Table of Contents

   1   Introduction ...........................................  4
   2   Terminology ............................................  6
   3   Method .................................................  6
   3.1 Equivalence Message Format .............................  6
   4   The Collecting Process's Side ..........................  9
   5   Security Considerations ................................  9
   6   IANA Considerations .................................... 10
   7   References ............................................. 11
   7.1 Normative References ................................... 11
   7.2 Informative References ................................. 12
   8   Acknowledgements ....................................... 12
   9   Author's Addresses ..................................... 12




Aitken                    Expires July 2015                 [Page 2]


Internet-Draft    Reporting Equivalent IPFIX IEs         July 2014


1   Introduction

    The IPFIX Protocol [RFC7011] can export a large number of
    Information Elements, including standard Information Elements
    specified in the IPFIX information model [RFC7012],
    Information Elements in IANA's IPFIX registry [IANA-IPFIX],
    enterprise-specific Information Elements [RFC7011], and
    Information Elements that are backwards compatible with
    NetFlow Version 9 [RFC3954].

    From time to time, an Exporting Process may export the same
    information using different Information Elements from before.

    Use cases include:

       * Enterprise-specific Information Elements have been
         standardized, so the Exporting Process is changed to
         export the IANA standard Information Elements [IANA-IPFIX]
         rather than the enterprise-specific Information Elements.

       * The Exporting Process is changed to export IANA standard
         Information Elements [IANA-IPFIX] rather than NetFlow
         version 9 fields [RFC3954].

       * The Exporting Process is updated to export different
         enterprise-specific Information Elements.

       * An updated Metering Process requests that the Exporting
         Process exports using different Information Elements from
         before.

       * An Exporting Process which does not implement
         [IPFIX-MIB-VARIABLE-EXPORT] indicates that an
         enterprise-specific Information Element contains the same
         information as a specific MIB OID.

    In each case it's important to note that the same information
    is being exported. The only change is in the Information
    Element used to export the information.

    Since different Information Elements are now being used to
    express the same information, the Collecting Process cannot
    process data received before the change with data received
    after the change, because the Collecting Process does not know
    that these Information Elements are related. It's not possible
    to compare, aggregate, or sort data across such a change
    without first understanding that the old and new Information
    Elements are equivalent.

Aitken                    Expires July 2015                 [Page 3]


Internet-Draft    Reporting Equivalent IPFIX IEs         July 2014

    Furthermore, it's impossible for every Collecting Process to
    know how each IANA standard Information Element [IANA-IPFIX]
    relates to every company's enterprise-specific Information
    Elements. i.e., a Collecting Process from company X cannot be
    expected to know that company Y's Exporting Process exports

    enterprise-specific field Z which is equivalent to a certain
    IANA standard element.

    This document specifies a method for an Exporting Process to
    inform a Collecting Process of such equivalence, so that the
    Collecting Process is able to process data across the change.


2   Terminology

    Original Information Element:
          The Original Information Element specifies the old
          Information Element which has been exported until now.

    Equivalent Information Element:
          The Equivalent Information Element specifies the new
          Information Element which will been exported in future.

    IE:
          Shorthand for "Information Element" in the figures.

    Other terms used in this document are defined in the
    Terminology section of the IPFIX Protocol [RFC7011] and are to
    be interpreted as defined there.




Aitken                    Expires July 2015                 [Page 4]


Internet-Draft    Reporting Equivalent IPFIX IEs         July 2014


3   Method

    An Exporting Process informs a Collecting Process of the
    equivalence of a pair of IPFIX Information Elements by
    exporting an IPFIX Equivalence Message. Equivalence Messages
    SHOULD be sent by the Exporting Process upon opening a new
    Transport Session, before any other IPFIX Messages are
    exported. In any case, an Equivalence Message MUST be sent
    before exporting the Equivalent Information Element(s) to which
    it pertains. i.e. Equivalence Messages do not apply
    retrospectively.

    An Equivalence Message may be sent in an Options Record Scoped
    to the Exporter. Multiple Equivalence Messages may be sent
    using IPFIX Structured Data [RFC6313].


3.1 Equivalence Message Format

    The Equivalence Message consists of an original Information
    Element in the "informationElementId" field (#303), followed by
    the equivalent Information Element in the "equivalentElementId"
    field (#TBD), using the Template shown in Figure 1 and Data
    Record shown in Figure 2:

        0                   1                   2                   3
        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |E|  informationElementId #303  |       Field Length            |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |E|  equivalentElementId #TBD   |       Field Length            |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                   Figure 1: Template for Equivalence Message


                   --+-+---------------+-+---------------+--
                 ... |E|  Original IE  |E| Equivalent IE | ...
                   --+-+---------------+-+---------------+--

                   Figure 2: Equivalence Message Data Record


    The encoding of these Information Elements follows the rules
    specified in [RFC7011].


Aitken                    Expires July 2015                 [Page 5]


Internet-Draft    Reporting Equivalent IPFIX IEs         July 2014

3.1.1 Equivalence between IANA standard Information Elements

   When the Original Information Element and the
   Equivalent Information Element are both IANA standard elements
   [IANA-IPFIX], both of the E bits are zero and the Equivalence
   Message is as shown in Figure 1.


3.1.2 Equivalence Message with an Enterprise-Specific
      Original Information Element

   When the Original Information Element is enterprise-specific,
   the Original Information Element's E bit is set and the
   Information Element number is immediately followed by the
   corresponding Private Enterprise Number [PEN], as shown in
   Figure 3:

+-+---------------+----------------------------------+-+---------------+
|1|  Original IE  |     Private Enterprise Number    |0| Equivalent IE |
+-+---------------+----------------------------------+-+---------------+

           Figure 3: Equivalence Message with an Enterprise-Specific
                          Original Information Element


   This allows an enterprise-specific Information Element to be
   specified as equivalent to an IANA standard Information
   Element.


3.1.3 Equivalence Message with an Enterprise-Specific
      Equivalent Information Element

   When the Equivalent Information Element is enterprise-specific,
   the Equivalent Information Element's E bit is set and the
   Information Element number is immediately followed by the
   corresponding Private Enterprise Number [PEN] as shown in
   Figure 4:

+-+---------------+-+---------------+----------------------------------+
|0|  Original IE  |1| Equivalent IE |    Private Enterprise Number     |
+-+---------------+-+---------------+----------------------------------+

           Figure 4: Equivalence Message with an Enterprise-Specific
                         Equivalent Information Element


   This allows an IANA standard Information Element to be
   specified as equivalent to an enterprise-specific Information
   Element.


Aitken                    Expires July 2015                 [Page 6]


Internet-Draft    Reporting Equivalent IPFIX IEs         July 2014

3.1.4 Equivalence Message with an
      Enterprise-Specific Original Information Element and
      Enterprise-Specific Equivalent Information Element

   When both of the Information Elements are enterprise-specific,
   both of the E bits are set and both Information Element numbers
   are immediately followed by their corresponding Private
   Enterprise Number [PEN] as shown in Figure 5:

           +-+---------------+----------------------------------+
           |1|  Original IE  |    Private Enterprise Number     | ...
           +-+---------------+----------------------------------+
               +-+---------------+----------------------------------+
           ... |1| Equivalent IE |    Private Enterprise Number     |
               +-+---------------+----------------------------------+

           Figure 5: Equivalence Message with two enterprise-specific
                              Information Elements


   This allows two enterprise-specific Information Elements to be
   specified as equivalent.

   Note that the Private Enterprise Numbers do not have to be
   equal. i.e., the Information Elements may belong to different
   Private Enterprises.


Aitken                    Expires July 2015                 [Page 7]


Internet-Draft    Reporting Equivalent IPFIX IEs         July 2014


3.1.5 Equivalence Message with a
      MIB Object Original Information Element

    In this special case, the Equivalence Message Template contains
    a MIB Object Identifier [IPFIX-MIB-VARIABLE-EXPORT] with the
    corresponding E bit set to zero, followed by the
    equivalentElementId, as shown in Figure 6:

        0                   1                   2                   3
        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |0|  mibObjectIdentifier #MIB   |         Field Length          |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |E|  equivalentElementId #TBD   |         Field Length          |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

             Figure 6: Template for MIB Object Equivalence Message


    The MIB object details for the Original Information Element are
    specified per [IPFIX-MIB-VARIABLE-EXPORT].

    The Equivalent Information Element may be an IANA standard
    Information Element as shown in Figure 7, or an
    enterprise-specific Information Element as shown in Figure 8.

                     +-+---------------+-+---------------+
                     |0|mibObjectIdent.|0| Equivalent IE |
                     +-+---------------+-+---------------+

                   Figure 7: MIB Equivalence Message with an
                       IANA-standard Information Element


+-+---------------+-+---------------+----------------------------------+
|0|mibObjectIdent.|1| Equivalent IE |    Private Enterprise Number     |
+-+---------------+-+---------------+----------------------------------+

                   Figure 8: MIB Equivalence Message with an
                    Enterprise-Specific Information Element


4   The Collecting Process's Side

    Equivalence Messages have global scope, unless they're sent in
    an Options Message with a more restrictive scope, e.g. an
    Options Record Scoped to the Exporter.

    i.e., unless otherwise restricted, the specified equivalence
    applies to all devices. Therefore the Collecting Process does
    not need to maintain equivalence per device.

Aitken                    Expires July 2015                 [Page 8]


Internet-Draft    Reporting Equivalent IPFIX IEs         July 2014

5   Security Considerations

    The same security considerations apply as for the IPFIX
    Protocol [RFC7011].


6   IANA Considerations

    A new Information Element "equivalentElementId" must be
    allocated in IANA's IPFIX registry, [IANA-IPFIX]:

    Description: This Information Element contains the ID of an
    equivalent Information Element, which is specified in an
    IPFIX Equivalence Message.

    Abstract Data Type: Unsigned16

    Data Type Semantics: identifier

    ElementId: TBD

    Status: current

    Reference: [this document]


    [RFC-EDITOR: The assigned value "TBD" is to be replaced
    throughout this document.]




Aitken                    Expires July 2015                 [Page 9]


Internet-Draft    Reporting Equivalent IPFIX IEs         July 2014


7   References

7.1 Normative References

    [RFC7011] Claise, B., Ed., Trammell, B., Ed., and P. Aitken,
            "Specification of the
             IP Flow Information Export (IPFIX)
             Protocol for the Exchange of Flow Information",
            STD 77, RFC 7011, September 2013.
    [RFC7012] Claise, B., Ed., and B. Trammell, Ed.,
            "Information Model for
             IP Flow Information Export (IPFIX)",
            RFC 7012, September 2013.
    [IANA-IPFIX]
            IANA, "IPFIX Information Elements registry",
            <http://www.iana.org/assignments/ipfix/ipfix.xml>.
    [IPFIX-MIB-VARIABLE-EXPORT]
            Aitken, P, Claise, B, McDowell, C, and Schonwalder, J,
            "Exporting MIB Variables using the IPFIX Protocol"
            (WIP)
    [RFC2119] S. Bradner, Key words for use in RFCs to Indicate
             Requirement Levels, BCP 14, RFC 2119, March 1997



7.2 Informative References

    [RFC3954] Claise, B., Ed., "Cisco Systems NetFlow Services
              Export Version 9", RFC 3954, October 2004.
    [RFC6313] Claise, B., Dhandapani, G., Aitken, P., and S. Yates,
           "Export of Structured Data in IP Flow Information Export
           (IPFIX)", RFC 6313, July 2011.
    [PEN] IANA, "Private Enterprise Numbers registry",
          <http://www.iana.org/assignments/enterprise-numbers>.



8   Acknowledgements

    Thanks to you, dear reader.




Aitken                    Expires July 2015                 [Page 10]


Internet-Draft    Reporting Equivalent IPFIX IEs         July 2014

9   Author's Address

         Paul Aitken
         Cisco Systems, Inc.
         96 Commercial Quay
         Commercial Street
         Edinburgh, EH6 6LX,
         UK
         Phone: +44 131 561 3616
         Email: paitken@cisco.com




Aitken                    Expires July 2015                 [Page 11]